[WIP] Add security option in yum module
Fix adds option to specify security updates in yum module Fixes #11498 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
This commit is contained in:
parent
0aa7c06395
commit
d3fe598202
1 changed files with 14 additions and 2 deletions
|
@ -126,6 +126,13 @@ options:
|
||||||
default: "/"
|
default: "/"
|
||||||
aliases: []
|
aliases: []
|
||||||
|
|
||||||
|
security:
|
||||||
|
description:
|
||||||
|
- If set to C(yes), then installs all security updates.
|
||||||
|
default: "no"
|
||||||
|
choices: ["yes", "no"]
|
||||||
|
version_added: "2.4"
|
||||||
|
|
||||||
notes:
|
notes:
|
||||||
- When used with a loop of package names in a playbook, ansible optimizes
|
- When used with a loop of package names in a playbook, ansible optimizes
|
||||||
the call to the yum module. Instead of calling the module with a single
|
the call to the yum module. Instead of calling the module with a single
|
||||||
|
@ -155,6 +162,7 @@ author:
|
||||||
- "Seth Vidal"
|
- "Seth Vidal"
|
||||||
- "Eduard Snesarev (github.com/verm666)"
|
- "Eduard Snesarev (github.com/verm666)"
|
||||||
- "Berend De Schouwer (github.com/berenddeschouwer)"
|
- "Berend De Schouwer (github.com/berenddeschouwer)"
|
||||||
|
- "Abhijeet Kasurde (github.com/akasurde)"
|
||||||
'''
|
'''
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = '''
|
||||||
|
@ -1060,7 +1068,7 @@ def latest(module, items, repoq, yum_basecmd, conf_file, en_repos, dis_repos, in
|
||||||
return res
|
return res
|
||||||
|
|
||||||
def ensure(module, state, pkgs, conf_file, enablerepo, disablerepo,
|
def ensure(module, state, pkgs, conf_file, enablerepo, disablerepo,
|
||||||
disable_gpg_check, exclude, repoq, skip_broken, installroot='/'):
|
disable_gpg_check, exclude, repoq, skip_broken, security, installroot='/'):
|
||||||
|
|
||||||
# fedora will redirect yum to dnf, which has incompatibilities
|
# fedora will redirect yum to dnf, which has incompatibilities
|
||||||
# with how this module expects yum to operate. If yum-deprecated
|
# with how this module expects yum to operate. If yum-deprecated
|
||||||
|
@ -1162,6 +1170,8 @@ def ensure(module, state, pkgs, conf_file, enablerepo, disablerepo,
|
||||||
elif state == 'latest':
|
elif state == 'latest':
|
||||||
if disable_gpg_check:
|
if disable_gpg_check:
|
||||||
yum_basecmd.append('--nogpgcheck')
|
yum_basecmd.append('--nogpgcheck')
|
||||||
|
if security:
|
||||||
|
yum_basecmd.append('--security')
|
||||||
res = latest(module, pkgs, repoq, yum_basecmd, conf_file, en_repos, dis_repos, installroot=installroot)
|
res = latest(module, pkgs, repoq, yum_basecmd, conf_file, en_repos, dis_repos, installroot=installroot)
|
||||||
else:
|
else:
|
||||||
# should be caught by AnsibleModule argument_spec
|
# should be caught by AnsibleModule argument_spec
|
||||||
|
@ -1202,6 +1212,7 @@ def main():
|
||||||
installroot=dict(required=False, default="/", type='str'),
|
installroot=dict(required=False, default="/", type='str'),
|
||||||
# this should not be needed, but exists as a failsafe
|
# this should not be needed, but exists as a failsafe
|
||||||
install_repoquery=dict(required=False, default="yes", type='bool'),
|
install_repoquery=dict(required=False, default="yes", type='bool'),
|
||||||
|
security=dict(default="no", type='bool'),
|
||||||
),
|
),
|
||||||
required_one_of=[['name', 'list']],
|
required_one_of=[['name', 'list']],
|
||||||
mutually_exclusive=[['name', 'list']],
|
mutually_exclusive=[['name', 'list']],
|
||||||
|
@ -1256,9 +1267,10 @@ def main():
|
||||||
disablerepo = params.get('disablerepo', '')
|
disablerepo = params.get('disablerepo', '')
|
||||||
disable_gpg_check = params['disable_gpg_check']
|
disable_gpg_check = params['disable_gpg_check']
|
||||||
skip_broken = params['skip_broken']
|
skip_broken = params['skip_broken']
|
||||||
|
security = params['security']
|
||||||
results = ensure(module, state, pkg, params['conf_file'], enablerepo,
|
results = ensure(module, state, pkg, params['conf_file'], enablerepo,
|
||||||
disablerepo, disable_gpg_check, exclude, repoquery,
|
disablerepo, disable_gpg_check, exclude, repoquery,
|
||||||
skip_broken, params['installroot'])
|
skip_broken, security, params['installroot'])
|
||||||
if repoquery:
|
if repoquery:
|
||||||
results['msg'] = '%s %s' % (results.get('msg', ''),
|
results['msg'] = '%s %s' % (results.get('msg', ''),
|
||||||
'Warning: Due to potential bad behaviour with rhnplugin and certificates, used slower repoquery calls instead of Yum API.')
|
'Warning: Due to potential bad behaviour with rhnplugin and certificates, used slower repoquery calls instead of Yum API.')
|
||||||
|
|
Loading…
Reference in a new issue